    Safe security scanning of a production state automation system

    The number of cybersecurity threats against industrial automation systems, OT and ICS environments, and critical infrastructure is growing rapidly. Cyberattacks against such systems can cause significant economic, physical, or reputational damage to the target organization. Because these systems face seemingly never-ending dangers, detection methods and tools against such threats are also continuously developed. The purpose of this thesis is to study the current possibilities for security scanning of production-state automation systems, such as industrial systems and critical infrastructure. The common scanning methods can be divided into active scanning and passive detection. Because each method has its own shortcomings, the conventional best practice has been to use them side by side, but more innovative practices have also been proposed and tested. As theoretical background for the study, the pros and cons of the so-called conventional solutions and the most common tools are defined. It is also important to study the basic characteristics of the automation systems being scanned and the effects the studied security scanning solutions have on those systems. After the preliminary study, existing commercial products, such as Tenable Active Querying and Nozomi Smart Polling, as well as emerging technologies and proposed solutions, such as delay-based scanning and UDP-based scans, are studied and analysed in appropriate depth to determine possible improvements to the commonly used methods in the area. The thesis finally presents a proposal for the optimal utilization of current and emerging technologies and solutions for security scanning of production-state automation systems, based on the capabilities of current commercial products, prior studies, and the most recent developments in the area.
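The abstract contrasts passive detection with active scanning and names delay-based scanning as one of the emerging "safe" active techniques. The block below is an added illustration of what delay-based active probing looks like in practice; it is not code from the thesis or from any of the products it names. The stand-in "device" is a constructed UDP echo responder on loopback, and the probe payload, inter-probe gap and timeout are assumed values chosen so the example runs offline. The safety properties it demonstrates are the ones a production OT scan needs: one datagram per target port, no retransmissions, a hard minimum gap between consecutive probes, and a short receive timeout so a silent device is never hammered.

```python
"""Delay-based, single-probe UDP scanning against a constructed loopback target.

Added example for illustration only (not the thesis's own code).
Assumptions: probe payload b"\\x00", min_gap and timeout values, loopback target.
"""
import socket
import threading
import time


def start_stand_in_device(host="127.0.0.1"):
    """Constructed stand-in for a fragile OT device: a UDP responder bound to an
    ephemeral loopback port that echoes whatever it receives.
    Returns (port, stop_event)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, 0))
    port = sock.getsockname()[1]
    sock.settimeout(0.1)
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                data, addr = sock.recvfrom(512)
            except socket.timeout:
                continue
            sock.sendto(b"ACK " + data, addr)
        sock.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop


def delay_scan(host, ports, min_gap=0.1, timeout=0.2, probe=b"\x00"):
    """Delay-based UDP scan: exactly one probe per port, no retransmission,
    and never less than min_gap seconds between consecutive probes.
    Returns {port: "responded" | "no-response" | "closed"}."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    results = {}
    last_sent = None
    for port in ports:
        # Pace the probes: sleep only for the part of min_gap not already elapsed.
        if last_sent is not None:
            remaining = min_gap - (time.monotonic() - last_sent)
            if remaining > 0:
                time.sleep(remaining)
        last_sent = time.monotonic()
        sock.sendto(probe, (host, port))
        try:
            _, addr = sock.recvfrom(512)
            # A datagram from a different port is a late answer to an earlier
            # probe; do not credit it to the port probed now.
            results[port] = "responded" if addr[1] == port else "no-response"
        except socket.timeout:
            results[port] = "no-response"
        except OSError:
            # Some platforms surface ICMP port-unreachable as a socket error.
            results[port] = "closed"
    sock.close()
    return results


def run_demo(min_gap=0.1):
    """Scan one echoing port and two bound-but-silent loopback ports."""
    device_port, stop = start_stand_in_device()
    silent = []
    for _ in range(2):
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.bind(("127.0.0.1", 0))  # bound, never read: behaves like a silent device
        silent.append(s)
    ports = [device_port] + [s.getsockname()[1] for s in silent]
    t0 = time.monotonic()
    results = delay_scan("127.0.0.1", ports, min_gap=min_gap)
    elapsed = time.monotonic() - t0
    stop.set()
    for s in silent:
        s.close()
    return {"device_port": device_port, "silent_ports": ports[1:],
            "results": results, "elapsed": elapsed}


if __name__ == "__main__":
    print(run_demo())
```

Against a real line the gap would be set per device class from the vendor's documented request rate, and the probe payload would be a protocol-correct read request (a Modbus function code 43 device identification, for instance) rather than a null byte, because an unexpected datagram is itself a risk on some controllers.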

    Post-Westgate SWAT : C4ISTAR Architectural Framework for Autonomous Network Integrated Multifaceted Warfighting Solutions Version 1.0 : A Peer-Reviewed Monograph

    Police SWAT teams and military Special Forces face mounting pressure and challenges from adversaries that can only be resolved through ever more sophisticated inputs into tactical operations. Lethal autonomy provides constrained military/security forces with a viable option, but only if its implementation rests on proper, empirically supported foundations. Autonomous weapon systems can be designed and developed to conduct ground, air and naval operations. This monograph offers some insights into the challenges of developing legal, reliable and ethical forms of autonomous weapons that address the rapidly narrowing gap between police or law enforcement and military operations. National adversaries are today in many instances hybrid threats that manifest both criminal and military traits; these often require the deployment of hybrid-capability autonomous weapons able to take on both military and security objectives. The Westgate terrorist attack of 21 September 2013 in the Westlands suburb of Nairobi, Kenya is a very clear manifestation of the hybrid combat scenario that required a military response and police investigations against a fighting cell of the Somalia-based, globally networked Al Shabaab terrorist group. Comment: 52 pages, 6 figures, over 40 references, reviewed by a reader.

    Honeypot-based Security Enhancements for Information Systems

    The purpose of this thesis is to explore honeypot-based security enhancements for information systems. First, we provide a comprehensive survey of the research that has been carried out on honeypots and honeynets for the Internet of Things (IoT), the Industrial Internet of Things (IIoT), and Cyber-Physical Systems (CPS). We provide a taxonomy and extensive analysis of the existing honeypots and honeynets, state key design factors for state-of-the-art honeypot/honeynet research, and outline open issues. Second, we propose S-Pot, a smart honeypot framework based on open-source resources. S-Pot uses enterprise and IoT honeypots to attract attackers, learns from attacks via ML classifiers, and dynamically configures SDN rules. Our performance evaluation of S-Pot in detecting attacks with various ML classifiers shows that it can detect attacks with 97% accuracy using the J48 algorithm. Third, to secure host-based Docker containers against cryptojacking, we use honeypots to perform a forensic analysis that identifies indicators for the detection of unauthorized cryptomining, present measures for securing such containers, and propose an approach for monitoring host-based Docker containers for cryptojacking detection. Our results reveal that host temperature, combined with container resource usage, use of the Stratum protocol, keywords in DNS requests, and the use of the container's ephemeral ports, are notable indicators of possible unauthorized cryptomining.
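The last sentence lists the indicators the thesis found for unauthorized cryptomining in containers. The following block is an added example, not the thesis's monitoring approach, showing how those indicators can be combined into a per-container verdict. The telemetry windows are constructed, and the CPU and temperature thresholds, the DNS keyword list, the set of expected destination ports, and the decision rule (any Stratum method is decisive on its own; otherwise three or more indicators) are all assumptions. The Stratum method names are the ones used by the classic `mining.*` dialect and the Monero/XMRig `login`/`submit` dialect.

```python
"""Indicator-based cryptojacking triage for a container telemetry window.

Added example; thresholds, keyword list, expected ports and decision rule are
assumptions, and the telemetry samples are constructed, not real captures.
"""
import json
import re

# Stratum is JSON-RPC over a raw TCP stream. "mining.*" is the classic dialect;
# "login"/"submit"/"keepalived" is the Monero (XMRig-style) dialect.
STRATUM_METHODS = {
    "mining.subscribe", "mining.authorize", "mining.submit",
    "mining.notify", "mining.set_difficulty",
    "login", "submit", "keepalived",
}
# Assumed DNS keyword list; tune to the environment.
DNS_KEYWORDS = re.compile(r"pool|xmr|monero|stratum|nicehash|hashvault", re.I)
# Assumed set of destination ports a web/API container is expected to use.
EXPECTED_DST_PORTS = {53, 80, 443}


def stratum_methods_in(payloads):
    """Return the set of Stratum method names found in captured TCP payload lines."""
    found = set()
    for raw in payloads:
        try:
            msg = json.loads(raw)
        except ValueError:  # not JSON (e.g. an HTTP request line)
            continue
        if isinstance(msg, dict) and msg.get("method") in STRATUM_METHODS:
            found.add(msg["method"])
    return found


def suspicious_dns(queries):
    """Queried names that contain a mining-related keyword."""
    return [q for q in queries if DNS_KEYWORDS.search(q)]


def score_container(sample, cpu_threshold=0.90, temp_threshold_c=80.0):
    """Combine the indicators into (verdict, indicators) for one window."""
    ind = {}
    if sample["cpu_util"] >= cpu_threshold:
        ind["sustained_cpu"] = sample["cpu_util"]
    if sample["host_temp_c"] >= temp_threshold_c:
        ind["host_temperature_c"] = sample["host_temp_c"]
    methods = stratum_methods_in(sample["tcp_payloads"])
    if methods:
        ind["stratum_methods"] = sorted(methods)
    dns = suspicious_dns(sample["dns_queries"])
    if dns:
        ind["dns_keywords"] = dns
    # Outbound connections to ports the workload has no business using.
    odd = sorted(set(sample["outbound_dst_ports"]) - EXPECTED_DST_PORTS)
    if odd:
        ind["unexpected_dst_ports"] = odd
    # Stratum traffic is decisive by itself; resource indicators alone only
    # warrant review, since a build job also runs hot.
    if methods or len(ind) >= 3:
        return "likely_cryptojacking", ind
    if ind:
        return "review", ind
    return "clean", ind


def constructed_samples():
    """Constructed telemetry windows for three containers (not real data)."""
    return {
        "miner": {
            "cpu_util": 0.98, "host_temp_c": 88.0,
            "tcp_payloads": [
                '{"id":1,"jsonrpc":"2.0","method":"login","params":'
                '{"login":"wallet","pass":"x","agent":"XMRig/6.0"}}',
                '{"id":2,"jsonrpc":"2.0","method":"submit","params":'
                '{"id":"1","job_id":"7","nonce":"deadbeef","result":"00"}}',
            ],
            "dns_queries": ["pool.xmr.example"],
            "outbound_dst_ports": [3333, 443],
        },
        "build_job": {  # hot, but no mining protocol or odd destinations
            "cpu_util": 0.97, "host_temp_c": 83.0,
            "tcp_payloads": ["GET /artifact.tgz HTTP/1.1"],
            "dns_queries": ["registry.example"],
            "outbound_dst_ports": [443],
        },
        "web": {
            "cpu_util": 0.30, "host_temp_c": 55.0,
            "tcp_payloads": ['{"id":1,"method":"ping"}'],
            "dns_queries": ["api.example", "cdn.example"],
            "outbound_dst_ports": [443, 53],
        },
    }


if __name__ == "__main__":
    for name, sample in constructed_samples().items():
        print(name, score_container(sample))
```

The point of the two-tier verdict is the false-positive case the abstract's indicator list implies: a legitimate CPU-bound job lights up the resource and temperature indicators exactly as a miner does, so those only raise a review, while a Stratum `login` or `mining.subscribe` on the wire has no benign explanation in a web container.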

    Desarrollo de servicios de IoT seguros: una revisión de las plataformas de IoT orientada a la seguridad (Development of secure IoT services: a security-oriented review of IoT platforms)

    Undoubtedly, the adoption of the Internet of Things (IoT) paradigm has impacted our everyday life, surrounding us with smart objects. The potential of this new market has attracted industry, and many enterprises have developed their own IoT platforms to help IoT service developers. Among the multitude of possible platforms, selecting the most suitable one to implement a specific service is not straightforward, especially from a security perspective. This paper analyzes some of the most prominent proposals in the IoT platform marketplace, performing an in-depth security comparison using five common criteria. These criteria are broken down into sub-criteria, so that they can be used as a baseline for the development of a secure IoT service. Leveraging the knowledge gathered from our in-depth study, both researchers and developers may select the IoT platform that best fits their needs. Additionally, an IoT service for monitoring commercial flights is implemented on two of the analyzed IoT platforms, at a level of detail that provides a solid guideline for future IoT developers.

    Review: Monitoring situational awareness of smart grid cyber-physical systems and critical asset identification

    Cyber-Physical Systems (CPSs) are becoming more automated and are designed to be as efficient as possible by integrating their operations with Information Technology (IT) resources. In combination with production automation, these systems need to identify their assets and the correlations between them, alert the relevant user/department to any potential threats or failures, and suggest an appropriate remediation plan. Moreover, identifying critical assets in these systems is essential. With the numerous research results and technologies available, assessing IT assets is nowadays straightforward to implement. However, evaluating operational technology critical assets remains a significant issue, since they have different characteristics and traditional solutions cannot work efficiently. This study presents the necessary background to attain the appropriate approach for monitoring critical assets in CPSs' Situational Awareness (SA). Additionally, the study presents a broad survey supported by an in-depth review of previous work in three important aspects. First, it reviews the applicability of possible techniques, tools and solutions that can be used to collect detailed information from such systems. Secondly, it covers studies that evaluate the criticality of assets in CPSs, sets out requirements for critical asset identification, explores the different risk and failure analysis techniques used in these systems, and examines approaches to evaluating such methods in energy systems. Finally, this paper highlights and analyses SA gaps in existing solutions, provides future directions and discusses open research issues.

    NETWORK TRAFFIC CHARACTERIZATION AND INTRUSION DETECTION IN BUILDING AUTOMATION SYSTEMS

    The goal of this research was threefold: (1) to learn the operational trends and behaviors of a real-world building automation system (BAS) network in order to create building device models that detect anomalous behaviors and attacks, (2) to design a framework for evaluating BA device security from both the device and network perspectives, and (3) to leverage new sources of building automation device documentation to develop robust network security rules for BAS intrusion detection systems (IDSs). These goals were achieved in three phases. First, a detailed longitudinal study and characterization of a real university campus building automation network (BAN) was carried out, and machine learning techniques were applied to field-level traffic for anomaly detection. Next, the literature in the BAS security domain was systematized to analyze cross-protocol device vulnerabilities, attacks, and defenses, uncovering the research gaps that form the foundation of our proposed BA device security evaluation framework. Then, to evaluate the proposed framework, the largest multiprotocol BAS testbed discussed in the literature was built, and several side-channel vulnerabilities and software/firmware shortcomings were exposed. Finally, a semi-automated framework was developed that gathers specifications, extracts device documentation, and generates IDS rules, leveraging PICS files and BIM models.

    Information Security in Smart Grid Demonstration Environment

    The ever-growing population and need for energy have culminated in an energy crisis. Old, traditional energy sources are running low and the transition to renewable ones has begun. The electric grid, however, is very old, inefficient and incapable of meeting today's needs. One solution to these problems is to utilize a two-way flow of electricity and information, also known as the Smart Grid. As the Smart Grid relies on information and communications technology, it is exposed to information security threats. The Smart Grid comprises many systems, creating a complex automation environment. Thus, even though securing the Smart Grid is troublesome, it is essential to ensure its security, since the consequences of successful attacks can be disastrous. This thesis is part of the CLEEN SHOK Smart Grids and Energy Markets project and studies the information security of the Smart Grid demonstration environment. The main goals are to analyze and test the information security of the Smart Grid implementation, and to generate a best-practice information security checklist for the different players in the Smart Grid environment. The thesis is divided into four phases. The literature study focuses on the information security landscape and features, as well as the Smart Grid at a general level. This phase includes a presentation of the conceptual model of the Smart Grid and of the demonstration environment at a general level. In the analysis, the demonstration environment is analyzed through threat modelling and a closer examination of the demonstration equipment. The threat model works from the customer's point of view, concentrating on the home energy management system and providing a high-abstraction-level analysis, whereas the examination of the equipment provides a more specific analysis. In the testing phase, the demonstration environment is tested and the results are presented. This phase also includes the testing layout and introduces the software used for the testing.
The final section focuses on generating a best-practice security list. This checklist provides the top 10 critical information security controls for the Smart Grid environment, especially for a home automation environment. In the course of the study, it is shown that the information security of the demonstration environment has shortcomings. The most common vulnerabilities are due to incorrect software configurations and the use of vulnerable software versions. The most critical part of the demonstration environment is the end user's device, which in this study was ThereGate. This equipment has many security issues that need to be taken care of. Securing ThereGate is essential to the entire system's dependability and security. To secure a dependable Smart Grid, stronger methods such as strong client authentication are required. As long as standards only recommend and do not require information security measures such as encryption, they will not be used, and the system will remain more vulnerable. As a result, more security research is required in order to secure a dependable Smart Grid.

    Steadfast in versatility : the substrate of a multi-modal practice

    The research is about inventing ways to produce spaces of inspiration that catalyse curiosity and generous, resilient creativity which goes beyond local, national or regional borders, enhancing public space, while operating in the transforming context of Estonia. The work evidences certain 'joyful' approaches to publicness in design activity, in which the search for functional realities not only incorporates but immerses itself in and builds upon other disciplines as well as institutional, ideological and structural processes. When a practice's activities propagate through a multiplicity of expressions (simultaneous drawing, model-making, installations, construction supervision, texts, and so on), the set of 'devices' with, upon and within which the designer operates could be called the practice's substratum (substrate). The research asks whether, to evolve a practice, it is necessary to transform its structure, purpose or agenda, or whether it is a question of how to renew its substrate. A closer look at an existing practice reveals how a practice's substratum might shift in response to a contextual change. A multi-modal, versatile practice bears within it the capacity to facilitate (positive) or to resist (negative) societal change. The research points to the potential for some specific open-ended 'protocols' to emerge from the observations offered.

    Trustworthy Wireless Personal Area Networks

    In the Internet of Things (IoT), everyday objects are equipped with the ability to compute and communicate. These smart things have invaded the lives of everyday people, being constantly carried or worn on our bodies, and entering into our homes, our healthcare, and beyond. This has given rise to wireless networks of smart, connected, always-on, personal things that are constantly around us, and have unfettered access to our most personal data as well as all of the other devices that we own and encounter throughout our day. It should, therefore, come as no surprise that our personal devices and data are frequent targets of ever-present threats. Securing these devices and networks, however, is challenging. In this dissertation, we outline three critical problems in the context of Wireless Personal Area Networks (WPANs) and present our solutions to these problems. First, I present our Trusted I/O solution (BASTION-SGX) for protecting sensitive user data transferred between wirelessly connected (Bluetooth) devices. This work shows how in-transit data can be protected from privileged threats, such as a compromised OS, on commodity systems. I present insights into the Bluetooth architecture, Intel’s Software Guard Extensions (SGX), and how a Trusted I/O solution can be engineered on commodity devices equipped with SGX. Second, I present our work on AMULET and how we successfully built a wearable health hub that can run multiple health applications, provide strong security properties, and operate on a single charge for weeks or even months at a time. I present the design and evaluation of our highly efficient event-driven programming model, the design of our low-power operating system, and developer tools for profiling ultra-low-power applications at compile time. Third, I present a new approach (VIA) that helps devices at the center of WPANs (e.g., smartphones) to verify the authenticity of interactions with other devices. 
This work builds on past work in anomaly detection techniques and shows how these techniques can be applied to Bluetooth network traffic. Specifically, we show how to create normality models based on fine- and coarse-grained insights from network traffic, which can then be used to verify the authenticity of future interactions.